diff options
| author | Felix Bühler <Stunkymonkey@users.noreply.github.com> | 2023-08-17 21:01:40 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-17 21:01:40 +0200 |
| commit | 96481fd20114ce51eef3b8f68bf54176bdce730e (patch) | |
| tree | 594978e028e1793afdaf882515b6b3797f2a71c7 | |
| parent | df9f0dfbf641921b667f644a48f48fb5a3bc20cd (diff) | |
| parent | 86c67a1f112454d3906efd34f5249f3f23dd08fc (diff) | |
Merge pull request #249323 from kevincox/photoprism-chmod
nixos.photoprism: Relax sandbox to allow running exiftool
| -rw-r--r-- | nixos/modules/services/web-apps/photoprism.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/photoprism.nix b/nixos/modules/services/web-apps/photoprism.nix index d5ca6014780ab..423ad5375baab 100644 --- a/nixos/modules/services/web-apps/photoprism.nix +++ b/nixos/modules/services/web-apps/photoprism.nix @@ -123,7 +123,7 @@ in RestrictNamespaces = true; RestrictRealtime = true; SystemCallArchitectures = "native"; - SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; + SystemCallFilter = [ "@system-service" "~@setuid @keyring" ]; UMask = "0066"; } // lib.optionalAttrs (cfg.port < 1024) { AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; |